Archive

How to create a rule that does a search against phishtank.com

Explorer

basically i want to be able to search if users have visited sites that are listed in phishtank.

Tags (1)
1 Solution

Splunk Employee
Splunk Employee

The Phishing Lookup app will enable this use case for you.

View solution in original post

Splunk Employee
Splunk Employee

The Phishing Lookup app will enable this use case for you.

View solution in original post

Splunk Employee
Splunk Employee

Right you are, @martin_mueller, I'll ping the blog post author and ask him to fix the link.

0 Karma

SplunkTrust
SplunkTrust

The link in that blog is broken, apparently http://apps.splunk.com/app/995/ is correct... there's a colon missing after http.

0 Karma

Path Finder

This would make a great TA. If I have time I might even have a go a writing one myself.

0 Karma

SplunkTrust
SplunkTrust

Sounds like a job for a scripted lookup. Write a script that performs a query against whatever API phishtank has, and set that up as a lookup for your data.

0 Karma